Fluffermine-D trojan infection
ReveurGAM
2013-11-15, 20:10
BBNetwork suggested I open this thread. Please see my thread regarding my problems for most of the pertinent info you'll need: System Scan cannot be viewed, always minimized (http://forums.spybot.info/showthread.php?69683-System-Scan-cannot-be-viewed-always-minimized&p=446960#post446960). The other laptop shows no further indications of infection and uses the same security software. Both use WinPatrol, too. I have run Avast! AV Free 2014, Spybot 2.2, Malwarebytes' Antimalware and SuperANTISpyware to try and deal with this problem.
This is an HP Mini 210-4000, Intel Atom CPU N2800 @1.86GHz, 2GB RAM, W32 7 Starter SP1. Following is the DDS report and "attach" is attached.
aswmbr report follows the DDS report.
I have run ERUNT. Thank you for your help!
Namaste, peace & love,
Glenn
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
Run by Roligio at 0:00:28 on 2013-11-16
Microsoft Windows 7 Starter 6.1.7601.1.1252.62.1033.18.2036.938 [GMT 7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Windows\DrvUtils.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startpage.com/
uSearch Bar = hxxp://www.bing.com
uProxyServer = localhost:21320
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - c:\program files\avast software\avast! ad blocker ie\Adblocker32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32
mRun: [HotKeysCmds] c:\windows\system32
mRun: [Persistence] c:\windows\system32
mRun: [GfxServiceInstall] c:\windows\system32
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [SetDefault] c:\program files\hewlett-packard\hp launchbox\SetDefault.exe
mRun: [HPOSD] c:\program files\hewlett-packard\hp on screen display\HPOSD.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{86B1ABA0-7739-4F8B-A0A9-5830396DF100} : DHCPNameServer = 40.23.1.201 40.23.1.202
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\348455242495F5D45425D4149444F5A454454595 : DHCPNameServer = 8.8.8.8 202.134.0.155
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\35075656465507023513 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\46E646F536166656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\75162757E676020516374716 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\77162757E6760716374716 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\D497023507565646970423239343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F662485A-1E48-424D-92AF-2CEB26B9F4FA} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.1.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\roligio\appdata\roaming\mozilla\firefox\profiles\7zvcof2w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.1.2\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\roligio\appdata\local\fancy\npfancygame.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-8 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-8 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-8 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-8 403440]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-9 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-8 119024]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-3-1 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-8 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-8 70384]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-10-22 85152]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-12 50344]
R2 CDMA Device Utility and Service;CDMA Device Utility and Service;c:\windows\DrvUtils.exe [2013-5-9 198144]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-10-11 246840]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-3-1 13336]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-11-14 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-11-14 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-11-14 171416]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-10-22 158880]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-10-22 35488]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-22 290976]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-22 97440]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-10-22 25248]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-10-22 147616]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-10-22 60064]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-10-22 263968]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-10-22 445088]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-7-29 27632]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2011-12-30 1338368]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2011-12-30 418816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-3-1 197224]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-3-1 394856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [2013-11-11 1734680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fcusbser;Wireless Network USB Device for Legacy Serial Communication FC;c:\windows\system32\drivers\fcusbser.sys [2013-5-18 105216]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-11-13 31560]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-12 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-12 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-5-12 27136]
S3 via_cdc_acm;VIA Telecom USB CDC ACM driver;c:\windows\system32\drivers\VIA_USB_SER.sys [2013-5-9 45056]
S3 VIA_USB_ETS;VIA Telecom ETS Driver;c:\windows\system32\drivers\VIA_USB_ETS.sys [2013-5-9 18560]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== Created Last 30 ================
.
2013-11-15 15:58:55 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6a28983-571d-4a9d-8ec5-233ad7e9fa61}\mpengine.dll
2013-11-14 16:25:00 0 ----a-w- c:\windows\system32\shoE6D8.tmp
2013-11-14 13:10:11 18968 ----a-w- c:\windows\system32\sdnclean.exe
2013-11-14 05:01:09 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 04:56:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-14 04:56:13 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-14 04:56:12 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-14 04:56:12 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-14 04:56:11 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-14 04:56:11 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-14 04:56:10 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-14 04:56:09 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-14 04:56:09 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-14 04:56:08 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-13 23:55:34 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-13 23:55:32 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 23:55:29 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-13 21:26:45 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 21:20:28 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 21:20:27 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 21:20:25 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-13 13:57:45 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-12 10:54:26 -------- d-----w- c:\users\roligio\appdata\roaming\AVAST Software
2013-11-12 10:37:30 -------- d-----w- c:\programdata\Panda Security
2013-11-12 10:37:18 -------- d-----w- c:\program files\Panda USB Vaccine
2013-11-11 13:45:39 -------- d-----w- c:\users\roligio\appdata\local\{A8A2AE4E-B34F-4D57-BA80-9CAFBECEC63E}
2013-11-04 16:32:02 -------- d-----w- c:\users\roligio\appdata\local\{06EDDA9C-6217-4E69-BD3D-163800EEE16D}
2013-10-26 06:59:38 -------- d-----w- c:\users\roligio\appdata\local\{B2FAA972-B7FE-47AD-AC81-B9400DE3D795}
2013-10-23 13:28:21 -------- d-----w- c:\users\roligio\appdata\local\{F46DF804-99AD-4192-A95D-48DCA3DC41F6}
2013-10-21 03:18:08 -------- d-----w- c:\users\roligio\appdata\local\{99D3CDAA-EE65-455D-A0EA-717449CDFE55}
2013-10-19 17:07:13 -------- d-----w- c:\users\roligio\appdata\local\{B99EBC62-EA86-4FE7-B9B8-016D83C65226}
2013-10-19 16:36:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-11-14 13:35:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-14 13:35:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-12 10:42:02 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-12 10:42:02 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-12 10:42:02 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-12 10:42:02 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-12 10:42:01 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-12 10:42:01 43152 ----a-w- c:\windows\avastSS.scr
2013-11-10 18:55:28 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-10 03:56:08 0 ----a-w- c:\windows\system32\sho2327.tmp
2013-09-18 20:08:56 94208 ----a-w- c:\windows\system32\dpl100.dll
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 01:57:04 0 ----a-w- c:\windows\system32\shoA6AF.tmp
2013-09-03 06:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-26 09:13:02 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-08-25 16:36:11 0 ----a-w- c:\windows\system32\sho1168.tmp
2013-08-19 15:11:37 0 ----a-w- c:\windows\system32\sho2811.tmp
2013-08-17 17:40:24 0 ----a-w- c:\windows\system32\shoFAB2.tmp
.
============= FINISH: 0:01:43,98 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-16 00:36:51
-----------------------------
00:36:51.641 OS Version: Windows 6.1.7601 Service Pack 1
00:36:51.641 Number of processors: 4 586 0x3601
00:36:51.645 ComputerName: ROLIGIO-HP UserName: Roligio
00:36:53.137 Initialize success
00:36:54.628 AVAST engine defs: 13111401
00:37:55.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:37:55.266 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
00:37:55.398 Disk 0 MBR read successfully
00:37:55.406 Disk 0 MBR scan
00:37:55.414 Disk 0 Windows 7 default MBR code
00:37:55.429 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:37:55.447 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290504 MB offset 409600
00:37:55.489 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14437 MB offset 595361792
00:37:55.530 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
00:37:55.548 Disk 0 scanning sectors +625139712
00:37:55.617 Disk 0 scanning C:\Windows\system32\drivers
00:38:14.469 Service scanning
00:38:36.554 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:38:45.281 Modules scanning
00:39:03.182 Disk 0 trace - called modules:
00:39:03.192 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys halmacpi.dll
00:39:03.195 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862d35a0]
00:39:03.196 3 CLASSPNP.SYS[889cb59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b56028]
00:39:04.299 AVAST engine scan C:\Windows
00:39:07.188 AVAST engine scan C:\Windows\system32
00:42:26.804 AVAST engine scan C:\Windows\system32\drivers
00:42:56.019 AVAST engine scan C:\Users\Roligio
01:00:51.228 AVAST engine scan C:\ProgramData
01:04:30.106 Scan finished successfully
01:06:53.759 Disk 0 MBR has been saved successfully to "C:\Users\Roligio\Desktop\MBR.dat"
01:06:53.781 The log file has been saved successfully to "C:\Users\Roligio\Desktop\aswMBR.txt"
Sorry for the delay, sometimes a thread or two falls through the cracks.
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
ReveurGAM
2013-11-25, 03:29
OTL logfile created on: 25/11/2013 6:44:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roligio\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000421 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 38,39% Memory free
3,98 Gb Paging File | 2,12 Gb Available in Paging File | 53,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,70 Gb Total Space | 77,86 Gb Free Space | 27,45% Space Free | Partition Type: NTFS
Drive D: | 14,10 Gb Total Space | 1,54 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
Drive E: | 99,00 Mb Total Space | 87,41 Mb Free Space | 88,29% Space Free | Partition Type: FAT32
Drive G: | 931,51 Gb Total Space | 253,79 Gb Free Space | 27,24% Space Free | Partition Type: NTFS
Computer Name: ROLIGIO-HP | User Name: Roligio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Roligio\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Windows\DrvUtils.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe ()
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
PRC - C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (vToolbarUpdater17.1.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe (AVG Secure Search)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (CDMA Device Utility and Service) -- C:\Windows\DrvUtils.exe ()
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========
DRV - (tctusbser) -- system32\DRIVERS\tctusbser.sys File not found
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys ()
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (btath_avdt) -- C:\Windows\System32\drivers\btath_avdt.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (via_cdc_acm) -- C:\Windows\System32\drivers\VIA_USB_SER.sys (VIA Telecom)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VIA_USB_ETS) -- C:\Windows\System32\drivers\VIA_USB_ETS.sys (Via Telecom, Inc.)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (fcusbser) -- C:\Windows\System32\drivers\fcusbser.sys (BM)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://id.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/88
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://id.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.8
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B9fb8c270-7124-11dd-ad8b-0800200c9a66%7D:1.7.3
FF - prefs.js..extensions.enabledAddons: %7B6bdc61ae-7b80-44a3-9476-e1d121ec2238%7D:0.85
FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff%40pdfcrowd.com:1.5
FF - prefs.js..extensions.enabledAddons: %7Be6c4c3ef-3d4d-42d6-8283-8da73c53a283%7D:2.6.1
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B1ced4832-f06e-413f-aa14-9eb63ad40ace%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: wikilook%40testpilot:2.7.0
FF - prefs.js..extensions.enabledAddons: browserprotect%40browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.7
FF - prefs.js..extensions.enabledAddons: trafficlight%40bitdefender.com:0.2.16
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@fancyguo.com/FancyGame,version=1.0.0.1: C:\Users\Roligio\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1 [2013/11/11 01:56:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/12 17:42:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/16 12:32:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/16 12:32:41 | 000,000,000 | ---D | M]
[2012/10/15 11:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Extensions
[2013/11/24 09:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions
[2013/11/01 21:33:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/07/27 14:23:44 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\donottrackplus@abine.com
[2013/08/16 23:01:29 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013/05/12 15:40:28 | 000,094,120 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\anticontainer@downthemall.net.xpi
[2013/11/10 19:07:32 | 000,343,543 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\artur.dubovoy@gmail.com.xpi
[2013/05/20 09:15:34 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\browserprotect@browserprotect.com.xpi
[2013/05/20 08:27:20 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\customization@adblockplus.org.xpi
[2013/05/20 08:27:26 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013/05/12 15:40:17 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\gmailnoads@mywebber.com.xpi
[2013/07/27 14:32:10 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2013/05/18 01:46:59 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
[2013/11/13 07:48:44 | 000,921,410 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\trafficlight@bitdefender.com.xpi
[2013/05/20 09:15:34 | 000,169,939 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\wikilook@testpilot.xpi
[2013/11/24 09:13:26 | 000,382,345 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/05/20 09:15:34 | 000,018,589 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi
[2013/05/20 09:15:34 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2013/05/12 15:40:17 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2013/05/12 15:40:16 | 000,023,197 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}.xpi
[2013/10/10 11:21:29 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/20 09:15:33 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013/05/12 15:40:16 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/05/20 09:15:33 | 000,062,136 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}.xpi
[2013/05/12 15:40:16 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013/09/29 11:10:24 | 000,003,725 | ---- | M] () -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\searchplugins\avg-secure-search.xml
[2013/11/16 12:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/16 12:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/16 12:33:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/12 17:42:05 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2013/02/20 09:22:00 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: DownloadAll = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajffocjdcmpgjmdfdfkdfdbkjafbkcke\2.1.1_0\
CHR - Extension: WOT = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.2.1_0\
CHR - Extension: WOT = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.3.1_0\
CHR - Extension: YouTube = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Search All = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk\2.1.6_0\
CHR - Extension: Search All = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk\2.2.5_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1016_0\
CHR - Extension: avast! Ad Blocker = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: AdBlock = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: AdBlock = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: avast! Online Security = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: Disconnect = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
CHR - Extension: Google Wallet = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/11 04:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\941e05c1-dbbd-4769-9e24-24d1a874f7e7.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32 [2013/11/14 23:26:04 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32 [2013/11/14 23:26:04 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32 [2013/11/14 23:26:04 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Persistence] C:\Windows\System32 [2013/11/14 23:26:04 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Roligio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86B1ABA0-7739-4F8B-A0A9-5830396DF100}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F662485A-1E48-424D-92AF-2CEB26B9F4FA}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8c57d54e-9113-11e2-9ccf-9cb70dfba991}\Shell - "" = AutoRun
O33 - MountPoints2\{8c57d54e-9113-11e2-9ccf-9cb70dfba991}\Shell\AutoRun\command - "" = E:\Windows\autorun.exe
O33 - MountPoints2\{c4f01af2-bef1-11e2-905d-9cb70dfba991}\Shell - "" = AutoRun
O33 - MountPoints2\{c4f01af2-bef1-11e2-905d-9cb70dfba991}\Shell\AutoRun\command - "" = E:\.\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:100 /RA:fix /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/11/18 13:39:06 | 000,000,000 | ---D | C] -- C:\Users\Roligio\AppData\Local\{95755BB5-CE8E-4141-8FEC-14D0E5691CB9}
[2013/11/16 12:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/16 00:36:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/16 00:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/14 23:18:59 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/14 23:18:56 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/14 23:18:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/14 23:18:54 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/14 23:18:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/14 23:18:51 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/14 23:18:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/14 23:18:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/14 23:18:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/14 23:18:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/14 20:10:11 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/11/14 11:56:10 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/14 11:56:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/14 06:55:34 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/14 06:55:32 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/14 04:20:27 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/14 04:20:25 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/12 17:54:26 | 000,000,000 | ---D | C] -- C:\Users\Roligio\AppData\Roaming\AVAST Software
[2013/11/12 17:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/11/12 17:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2013/11/11 20:45:39 | 000,000,000 | ---D | C] -- C:\Users\Roligio\AppData\Local\{A8A2AE4E-B34F-4D57-BA80-9CAFBECEC63E}
[2013/11/04 23:32:02 | 000,000,000 | ---D | C] -- C:\Users\Roligio\AppData\Local\{06EDDA9C-6217-4E69-BD3D-163800EEE16D}
[2013/10/26 13:59:38 | 000,000,000 | ---D | C] -- C:\Users\Roligio\AppData\Local\{B2FAA972-B7FE-47AD-AC81-B9400DE3D795}
[20 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/25 07:24:01 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/25 07:24:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/25 07:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/24 19:58:12 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRoligio.job
[2013/11/24 09:48:18 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/11/24 09:47:49 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/24 09:47:49 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/24 09:39:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/24 09:39:54 | 1601,409,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 08:52:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/11/21 08:52:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/16 01:06:53 | 000,000,512 | ---- | M] () -- C:\Users\Roligio\Desktop\MBR.dat
[2013/11/16 00:35:09 | 000,001,074 | ---- | M] () -- C:\Users\Roligio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/16 00:34:51 | 000,000,875 | ---- | M] () -- C:\Users\Roligio\Desktop\ERUNT.lnk
[2013/11/16 00:08:55 | 000,003,358 | ---- | M] () -- C:\Users\Roligio\Desktop\attach.zip
[2013/11/14 20:10:20 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/13 20:57:47 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/11/12 17:42:28 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/12 17:42:02 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/12 17:42:02 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/12 17:42:02 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/12 17:42:02 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/12 17:42:02 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/12 17:42:02 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/12 17:42:02 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/12 17:42:01 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/12 17:42:01 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/12 17:42:01 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/12 17:08:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/11/12 17:06:56 | 000,001,549 | ---- | M] () -- C:\Users\Roligio\Desktop\DivX Movies.lnk
[2013/11/12 17:06:33 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2013/11/12 17:05:41 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2013/11/12 16:28:43 | 000,000,000 | ---- | M] () -- C:\END
[2013/11/11 01:56:25 | 000,003,725 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/11/11 01:55:28 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/11/08 11:53:14 | 000,013,654 | ---- | M] () -- C:\Users\Roligio\Documents\Processing Types.rtf
[20 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/16 01:06:53 | 000,000,512 | ---- | C] () -- C:\Users\Roligio\Desktop\MBR.dat
[2013/11/16 00:35:09 | 000,001,074 | ---- | C] () -- C:\Users\Roligio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/16 00:34:51 | 000,000,875 | ---- | C] () -- C:\Users\Roligio\Desktop\ERUNT.lnk
[2013/11/16 00:08:54 | 000,003,358 | ---- | C] () -- C:\Users\Roligio\Desktop\attach.zip
[2013/11/14 20:10:20 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/11/14 20:10:20 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/13 20:57:45 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/11/12 17:06:33 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2013/11/08 11:53:13 | 000,013,654 | ---- | C] () -- C:\Users\Roligio\Documents\Processing Types.rtf
[2013/09/26 21:31:04 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2013/06/01 20:10:33 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/06/01 20:10:32 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/06/01 20:10:32 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/06/01 20:10:19 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/05/24 11:08:19 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/05/20 15:58:19 | 000,006,656 | ---- | C] () -- C:\Users\Roligio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/16 12:11:11 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/05/09 15:33:00 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ClsCoInstaller.dll
[2013/05/09 15:32:55 | 000,198,144 | ---- | C] () -- C:\Windows\DrvUtils.exe
[2013/05/08 18:29:11 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/08 18:29:11 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/10/12 14:51:36 | 000,000,159 | ---- | C] () -- C:\Windows\System32\eSy_Link.ini
[2012/03/01 16:41:16 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/30 17:03:28 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/12/30 16:50:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
========== ZeroAccess Check ==========
[2009/07/14 11:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 08:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 08:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/05/21 17:16:29 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Auslogics
[2013/11/12 17:54:26 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\AVAST Software
[2013/08/13 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\calibre
[2013/05/16 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\DAEMON Tools Lite
[2013/09/19 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\IDT
[2013/06/18 13:22:40 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\OpenOffice.org
[2013/10/09 20:14:50 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Oracle
[2013/06/15 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\runic games
[2013/06/13 11:55:20 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Skip-Bo
[2012/10/05 15:40:38 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\SoftGrid Client
[2012/10/05 15:14:31 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Synaptics
[2012/10/05 15:21:02 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\TP
[2013/06/18 13:25:36 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\WildTangent
[2013/06/12 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Windows Live Writer
[2013/05/08 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\WinPatrol
========== Purity Check ==========
< End of report >
ReveurGAM
2013-11-25, 03:30
OTL Extras logfile created on: 25/11/2013 6:44:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roligio\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000421 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 38,39% Memory free
3,98 Gb Paging File | 2,12 Gb Available in Paging File | 53,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,70 Gb Total Space | 77,86 Gb Free Space | 27,45% Space Free | Partition Type: NTFS
Drive D: | 14,10 Gb Total Space | 1,54 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
Drive E: | 99,00 Mb Total Space | 87,41 Mb Free Space | 88,29% Space Free | Partition Type: FAT32
Drive G: | 931,51 Gb Total Space | 253,79 Gb Free Space | 27,24% Space Free | Partition Type: NTFS
Computer Name: ROLIGIO-HP | User Name: Roligio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-388703472-1196209991-2700474470-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043FF7B9-DACC-4A1B-8788-4A0747F295EE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EF12DFEA-272A-4873-BC01-15371D9D096B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{195920E0-D3D8-4616-9E26-61C574950B05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6302C1B4-1B73-48A2-B6BA-20778B4CAA9C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{851BE295-05B7-484D-8988-2685E8D614C2}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B2422D2E-8DDC-4B8B-B04C-5839A2C28AD7}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{C03D7587-0F53-4230-B001-01EC992CFF73}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C7C9D16C-E4A1-4E3B-BC03-CC5C32BB71A0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E61243A0-FD20-435C-9A14-E7500ED41A5C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E648E4E4-DFAA-4D02-9EBB-6F4B3A50C01D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EC9B8096-6DCC-4565-A310-4DA1F42B0CD7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F81BB49F-744D-4BBB-8831-6701AD84F1DF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FECCE149-94AD-48E8-B079-F5CACCC60C16}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{243447AC-EE68-4FF2-A1F7-592AD75917D2}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{DDB606E4-5373-4FC6-8417-0C6E9045826F}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{021C6667-63D3-4416-B537-865E77F4DF4F}" = avast! Ad Blocker
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Atheros Bluetooth Suite
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DB8743E-A513-4AE5-A617-BD42D0653969}" = HP Launch Box
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC3AD66-3B4C-4122-805F-C03E8A680583}" = HP Security Assistant
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{860C8A24-AA98-476C-90D3-5046C0787987}" = HP Documentation
"{873F3340-3C79-41D1-9D2C-D0B2269CBF24}" = PowerPlugs: Template Finder 4.0 for PowerPoint
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BCE2B68D-8543-4ED6-8BF8-DB125A11A929}" = ESU for Microsoft Windows 7 SP1
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{DF9DAE00-F582-42F6-9537-B5F1F6858AE1}" = HP Software Framework
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Applian FLV Player2.0.24" = Applian FLV Player
"avast" = avast! Free Antivirus
"AVG Secure Search" = AVG Security Toolbar
"CCleaner" = CCleaner
"DivX Setup" = DivX Setup
"EasyBilling_is1" = EasyBilling v3.9.4
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.5
"Krishand SSP" = Krishand SSP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.82.16930 32-bit
"SmartDraw 2014" = SmartDraw 2014
"SynTPDeinstKey" = Synaptics TouchPad Driver
"VIA USB Drivers" = VIA USB Drivers
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"WTA-1ac95b62-47ba-4057-ac6c-7d60d02ea298" = Insaniquarium Deluxe
"WTA-2f3ac78b-4eec-4e9f-b093-42c4c29b9851" = Dora's World Adventure
"WTA-31d7ef0c-b881-449a-97bd-ee24e2d7ba0f" = Letters from Nowhere 2
"WTA-369a2f0f-81ff-4efd-b6e0-800e77e2ed57" = Torchlight
"WTA-6127651b-fff3-4651-b0ba-636615d10775" = FATE - Undiscovered Realms
"WTA-7483b5fc-d7bf-4d82-8e37-9b395807644a" = Mah Jong Medley
"WTA-86bf0616-9571-4d7c-ad34-7fbc036a62d7" = FATE
"WTA-d2639fc7-3438-4e41-becd-fbb53f9c806e" = Luxor HD
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28/10/2013 8:46:30 | Computer Name = Roligio-HP | Source = .NET Runtime | ID = 1022
Description =
Error - 28/10/2013 8:48:48 | Computer Name = Roligio-HP | Source = .NET Runtime | ID = 1022
Description =
Error - 28/10/2013 8:51:25 | Computer Name = Roligio-HP | Source = .NET Runtime | ID = 1022
Description =
Error - 28/10/2013 9:31:00 | Computer Name = Roligio-HP | Source = .NET Runtime | ID = 1022
Description =
Error - 28/10/2013 11:47:37 | Computer Name = Roligio-HP | Source = .NET Runtime | ID = 1022
Description =
Error - 28/10/2013 13:07:19 | Computer Name = Roligio-HP | Source = .NET Runtime | ID = 1022
Description =
Error - 28/10/2013 20:56:21 | Computer Name = Roligio-HP | Source = WinMgmt | ID = 10
Description =
Error - 28/10/2013 20:58:11 | Computer Name = Roligio-HP | Source = .NET Runtime | ID = 1022
Description =
Error - 28/10/2013 21:01:09 | Computer Name = Roligio-HP | Source = .NET Runtime | ID = 1022
Description =
Error - 29/10/2013 0:10:00 | Computer Name = Roligio-HP | Source = .NET Runtime | ID = 1022
Description =
[ Hewlett-Packard Events ]
[ HP Software Framework Events ]
Error - 14/01/2012 6:50:03 | Computer Name = D18O078JF3K1O | Source = CaslWmi | ID = 5
Description = 2012/01/14 02:50:03.332|000009D0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
Error - 28/07/2013 20:18:05 | Computer Name = Roligio-HP | Source = hpqWmiEx | ID = 5
Description = 2013/07/29 07:18:05.963|00001200|Error |ChpqWmiExModule::Start|StartServiceCtrlDispatcher
FAILED. Error: 1063
[ System Events ]
Error - 22/06/2013 11:29:09 | Computer Name = Roligio-HP | Source = DCOM | ID = 10010
Description =
Error - 26/06/2013 0:38:13 | Computer Name = Roligio-HP | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 26/06/2013 0:42:44 | Computer Name = Roligio-HP | Source = DCOM | ID = 10010
Description =
Error - 27/06/2013 4:28:25 | Computer Name = Roligio-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.
Error - 27/06/2013 4:28:36 | Computer Name = Roligio-HP | Source = DCOM | ID = 10005
Description =
Error - 27/06/2013 4:28:36 | Computer Name = Roligio-HP | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053
Error - 28/06/2013 0:36:38 | Computer Name = Roligio-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.
Error - 28/06/2013 0:36:38 | Computer Name = Roligio-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.
Error - 28/06/2013 0:36:46 | Computer Name = Roligio-HP | Source = DCOM | ID = 10010
Description =
Error - 28/06/2013 16:15:15 | Computer Name = Roligio-HP | Source = DCOM | ID = 10010
Description =
< End of report >
Hi,
How are ya doing?
Listen, I am looking at three Antivirus programs running, all you need is one, more than one is overkill and will severely hamper system performance. It's recommended by Microsoft that you just have one, keep it updated and run regular scans.
I am looking at Panda, Avast and AVG, you need to uninstall two of them via Programs and Features in the Control Panel, when you're done, run a new scan with OTL and post the log as I see a bad entry that needs to be removed.
ReveurGAM
2013-11-25, 08:44
I'm okay, thanks. How about you?
Begging your pardon but, if you look carefully, I think you'll see that there are not three AVs on my computer. Avast! is the only AV I have. Panda is a USB vaccinator and only works with USB devices, and AVG is a security toolbar for browsers.
If you feel there is a problem with the AVG toolbar, I have no problem with removing it but if you want the Panda vaccinator removed, I'll need a suitable substitute to vaccinate USB drives. What do you think?
Namaste, peace & love,
Glenn
Hello Glenn,
I saw them running as a Windows service and was just concerned; if you use them and they cause you no problems, then let them be.
Searching around the forums, Avast may be picking up that Fluffermine as a false positive as I don't see it in any of your logs.
I see entries for Ask Toolbar, you may be able to remove it via Programs and Features in the Control Panel, it's not malicious but is an inferior search engine.
Did you set this proxy?
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
ReveurGAM
2013-11-25, 14:30
When I got this computer from an associate of mine, I had to do a lot of work to clean out infections and update Windows and other programs (which are all currently up-to-date AFAIK), such as Adobe reader, Flashplayer, Shockwave player and my browsers.
I have removed the AVG Toolbar, as I don't use it.
I believe the Fluffermine (sic) hit is an FP, too.
Given the other infections, some of which I am not surprised by (like free video games) and others which surprised me a lot (like the two business documents that shouldn't be infected), I want to make sure things are ok.
I do not have Ask toolbar showing up in the Programs CP, and it shouldn't be installed. It doesn't show up in FF, IE or Chrome, and I have no other browsers. How do I get rid of it?
You may see Orbit Downloader, which left tracks all over the place when I uninstalled it (I don't recommend it and don't trust it) - some tracks of which still show up in contextual menus. If you know how to get rid of the tracks, that would be nice.
I had the Spybot proxy turned on, but it is now off because I was trying to discover what was causing significant lags. Should I turn it back on as I don't think it's the culprit?
That proxy port (21320) shows up in IE's settings, but it is disabled, and I don't know who set it. Does that setting show as inactive?
Namaste, peace & love,
Glenn
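Added example, not part of the thread and not code from OTL or its authors: the log line quoted above shows only the "ProxyServer" value, and whether Internet Explorer actually routes traffic through it depends on the "ProxyEnable" value in the same key. The Python below pairs the two values per registry hive from OTL-style "IE - ..." lines and flags loopback proxies; the function names are hypothetical, and every line in SAMPLE_LOG except the ProxyServer line quoted in the thread is constructed.

```python
import ipaddress
import re

# OTL-style line: IE - <hive>\Software\...\Internet Settings: "<name>" = <value>
LINE_RE = re.compile(
    r'^IE - (?P<root>.+?)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$',
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample. Only the -1000 ProxyServer line is taken from the thread;
# the other SIDs, hosts and values are made up for illustration.
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=127.0.0.1:8080
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.test:3128
'''


def parse_proxy_settings(log_text):
    """Return {hive: {lower-cased value name: value}} for Proxy* values."""
    settings = {}
    for m in LINE_RE.finditer(log_text):
        name = m.group("name").lower()
        if name.startswith("proxy"):
            settings.setdefault(m.group("root"), {})[name] = m.group("value").strip()
    return settings


def proxy_endpoints(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both the single 'host:port' form and the per-protocol
    'http=host:port;https=host:port' form.
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, addr = part.partition("=")
        if not sep:                      # no "scheme=" prefix: applies to all
            scheme, addr = "all", part
        addr = addr.split("://", 1)[-1]  # tolerate an http:// prefix
        host, _, port = addr.rpartition(":")
        if not host:                     # value had no port
            host, port = addr, ""
        endpoints.append((scheme.lower(), host.strip("[]").lower(), port))
    return endpoints


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def assess(log_text):
    """One finding per hive that has a ProxyServer value."""
    findings = []
    for root, values in parse_proxy_settings(log_text).items():
        server = values.get("proxyserver")
        if not server:
            continue
        enable = values.get("proxyenable")
        if enable == "1":
            state = "active"
        elif enable == "0":
            state = "disabled"
        else:
            state = "unknown"            # ProxyEnable missing from the log
        findings.append({
            "root": root,
            "server": server,
            "state": state,
            "loopback": all(is_loopback(h) for _, h, _ in proxy_endpoints(server)),
        })
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_LOG):
        print(f"{f['state']:9} loopback={f['loopback']!s:5} {f['server']}  ({f['root']})")
```

A loopback proxy that is active means some local program is intercepting browser traffic, so the next check is which process is listening on that port.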
Glenn,
Let's clean you up. First run this tool and post the log. Then we can remove that proxy.
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
ReveurGAM
2013-11-25, 18:32
Trafficlight is from Bitdefender, and I have that installed as an extension. Same for Browser Protect.
# AdwCleaner v3.013 - Report created 25/11/2013 at 22:26:50
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Roligio - ROLIGIO-HP
# Running from : C:\Users\Roligio\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\Extensions\browserprotect@browserprotect.com.xpi
File Found : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\invalidprefs.js
File Found : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\searchplugins\avg-secure-search.xml
File Found : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\user.js
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\DAEMON Tools Toolbar
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\Users\Roligio\AppData\Local\AVG Secure Search
Folder Found C:\Users\Roligio\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Roligio\AppData\LocalLow\boost_interprocess
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Mozilla Firefox v25.0.1 (en-US)
[ File : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\prefs.js ]
Line Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Line Found : user_pref("extensions.TrafficLightSettings.ph_white", "thecrims.com\nhattrick.org\nraiffeisenonline.ro\nbrd-net.ro\ningonline.ro\nbancpost.ro\nbtrl.ro\ncrediteurope.ro\nalphabank.ro\nromexterra.ro\not[...]
-\\ Google Chrome v31.0.1650.57
[ File : C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [6875 octets] - [25/11/2013 22:26:50]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6935 octets] ##########
We're going to run the Clean option, you can uncheck searchprotect, that's sometimes flagged as bad.
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
ReveurGAM
2013-11-26, 01:47
# AdwCleaner v3.013 - Report created 26/11/2013 at 06:38:21
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Roligio - ROLIGIO-HP
# Running from : C:\Users\Roligio\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Roligio\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Roligio\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Roligio\AppData\LocalLow\boost_interprocess
[x] Not Deleted : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\Extensions\browserprotect@browserprotect.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\invalidprefs.js
File Deleted : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Mozilla Firefox v25.0.1 (en-US)
[ File : C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\prefs.js ]
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Line Deleted : user_pref("extensions.TrafficLightSettings.ph_white", "thecrims.com\nhattrick.org\nraiffeisenonline.ro\nbrd-net.ro\ningonline.ro\nbancpost.ro\nbtrl.ro\ncrediteurope.ro\nalphabank.ro\nromexterra.ro\not[...]
-\\ Google Chrome v31.0.1650.57
[ File : C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7015 octets] - [25/11/2013 22:26:50]
AdwCleaner[S0].txt - [7095 octets] - [26/11/2013 06:38:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7155 octets] ##########
ReveurGAM
2013-11-26, 02:02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Starter x86
Ran by Roligio on 26/11/2013 at 6:49:54,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\system32\sho109C.tmp
Successfully deleted: [File] C:\Windows\system32\sho1168.tmp
Successfully deleted: [File] C:\Windows\system32\sho2327.tmp
Successfully deleted: [File] C:\Windows\system32\sho2811.tmp
Successfully deleted: [File] C:\Windows\system32\sho2E72.tmp
Successfully deleted: [File] C:\Windows\system32\sho47EC.tmp
Successfully deleted: [File] C:\Windows\system32\sho4EF2.tmp
Successfully deleted: [File] C:\Windows\system32\sho4FF6.tmp
Successfully deleted: [File] C:\Windows\system32\sho5021.tmp
Successfully deleted: [File] C:\Windows\system32\sho77C6.tmp
Successfully deleted: [File] C:\Windows\system32\sho77DE.tmp
Successfully deleted: [File] C:\Windows\system32\sho7DA4.tmp
Successfully deleted: [File] C:\Windows\system32\sho8946.tmp
Successfully deleted: [File] C:\Windows\system32\sho976A.tmp
Successfully deleted: [File] C:\Windows\system32\shoA6AF.tmp
Successfully deleted: [File] C:\Windows\system32\shoA828.tmp
Successfully deleted: [File] C:\Windows\system32\shoE6D8.tmp
Successfully deleted: [File] C:\Windows\system32\shoEAF5.tmp
Successfully deleted: [File] C:\Windows\system32\shoFAB2.tmp
Successfully deleted: [File] C:\Windows\system32\shoFE42.tmp
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\Roligio\AppData\Roaming\mozilla\firefox\profiles\7zvcof2w.default\extensions\browserprotect@browserprotect.com.xpi
Successfully deleted the following from C:\Users\Roligio\AppData\Roaming\mozilla\firefox\profiles\7zvcof2w.default\prefs.js
user_pref("extensions.TrafficLightSettings.an", "1");
user_pref("extensions.TrafficLightSettings.date", "14 November 2013");
user_pref("extensions.TrafficLightSettings.firstTime", "3");
user_pref("extensions.TrafficLightSettings.hour", "17");
user_pref("extensions.TrafficLightSettings.ls_social", "0");
user_pref("extensions.TrafficLightSettings.ph_sign", "/****************************************************************************************\r\n****************************
Emptied folder: C:\Users\Roligio\AppData\Roaming\mozilla\firefox\profiles\7zvcof2w.default\minidumps [91 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/11/2013 at 6:56:47,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Let's use OTL to check for leftovers, and we can also use it to remove that bad proxy. Go ahead and run a new scan and post the log. Don't knock yourself out looking for the extra log; you only get that in the first run.
ReveurGAM
2013-11-26, 08:05
OTL logfile created on: 26/11/2013 10:17:53 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roligio\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000421 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,48% Memory free
3,98 Gb Paging File | 2,30 Gb Available in Paging File | 57,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,70 Gb Total Space | 78,26 Gb Free Space | 27,59% Space Free | Partition Type: NTFS
Drive D: | 14,10 Gb Total Space | 1,54 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
Drive E: | 99,00 Mb Total Space | 87,41 Mb Free Space | 88,29% Space Free | Partition Type: FAT32
Drive G: | 931,51 Gb Total Space | 248,64 Gb Free Space | 26,69% Space Free | Partition Type: NTFS
Computer Name: ROLIGIO-HP | User Name: Roligio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Roligio\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Windows\DrvUtils.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe ()
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
PRC - C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe ()
========== Services (SafeList) ==========
SRV - (vToolbarUpdater17.1.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (CDMA Device Utility and Service) -- C:\Windows\DrvUtils.exe ()
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========
DRV - (tctusbser) -- system32\DRIVERS\tctusbser.sys File not found
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys ()
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (btath_avdt) -- C:\Windows\System32\drivers\btath_avdt.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (via_cdc_acm) -- C:\Windows\System32\drivers\VIA_USB_SER.sys (VIA Telecom)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VIA_USB_ETS) -- C:\Windows\System32\drivers\VIA_USB_ETS.sys (Via Telecom, Inc.)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (fcusbser) -- C:\Windows\System32\drivers\fcusbser.sys (BM)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/88
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.8
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B9fb8c270-7124-11dd-ad8b-0800200c9a66%7D:1.7.3
FF - prefs.js..extensions.enabledAddons: %7B6bdc61ae-7b80-44a3-9476-e1d121ec2238%7D:0.85
FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff%40pdfcrowd.com:1.5
FF - prefs.js..extensions.enabledAddons: %7Be6c4c3ef-3d4d-42d6-8283-8da73c53a283%7D:2.6.1
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B1ced4832-f06e-413f-aa14-9eb63ad40ace%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: wikilook%40testpilot:2.7.0
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.7
FF - prefs.js..extensions.enabledAddons: trafficlight%40bitdefender.com:0.2.16
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@fancyguo.com/FancyGame,version=1.0.0.1: C:\Users\Roligio\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/12 17:42:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/16 12:32:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/16 12:32:41 | 000,000,000 | ---D | M]
[2012/10/15 11:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Extensions
[2013/11/26 06:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions
[2013/11/01 21:33:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/07/27 14:23:44 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\donottrackplus@abine.com
[2013/08/16 23:01:29 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013/05/12 15:40:28 | 000,094,120 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\anticontainer@downthemall.net.xpi
[2013/11/10 19:07:32 | 000,343,543 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\artur.dubovoy@gmail.com.xpi
[2013/05/20 08:27:20 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\customization@adblockplus.org.xpi
[2013/05/20 08:27:26 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013/05/12 15:40:17 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\gmailnoads@mywebber.com.xpi
[2013/07/27 14:32:10 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2013/05/18 01:46:59 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
[2013/11/13 07:48:44 | 000,921,410 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\trafficlight@bitdefender.com.xpi
[2013/05/20 09:15:34 | 000,169,939 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\wikilook@testpilot.xpi
[2013/11/24 09:13:26 | 000,382,345 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/05/20 09:15:34 | 000,018,589 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi
[2013/05/20 09:15:34 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2013/05/12 15:40:17 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2013/05/12 15:40:16 | 000,023,197 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}.xpi
[2013/10/10 11:21:29 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/20 09:15:33 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013/05/12 15:40:16 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/05/20 09:15:33 | 000,062,136 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}.xpi
[2013/05/12 15:40:16 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\Roligio\AppData\Roaming\Mozilla\Firefox\Profiles\7zvcof2w.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013/11/16 12:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/16 12:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/16 12:33:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/12 17:42:05 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: DownloadAll = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajffocjdcmpgjmdfdfkdfdbkjafbkcke\2.1.1_0\
CHR - Extension: WOT = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.3.1_0\
CHR - Extension: YouTube = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Search All = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk\2.2.5_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1016_0\
CHR - Extension: avast! Ad Blocker = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: AdBlock = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: avast! Online Security = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: Disconnect = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
CHR - Extension: Google Wallet = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Roligio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/11 04:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\941e05c1-dbbd-4769-9e24-24d1a874f7e7.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32 [2013/11/26 06:51:30 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32 [2013/11/26 06:51:30 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32 [2013/11/26 06:51:30 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Persistence] C:\Windows\System32 [2013/11/26 06:51:30 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Roligio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86B1ABA0-7739-4F8B-A0A9-5830396DF100}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F662485A-1E48-424D-92AF-2CEB26B9F4FA}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8c57d54e-9113-11e2-9ccf-9cb70dfba991}\Shell - "" = AutoRun
O33 - MountPoints2\{8c57d54e-9113-11e2-9ccf-9cb70dfba991}\Shell\AutoRun\command - "" = E:\Windows\autorun.exe
O33 - MountPoints2\{c4f01af2-bef1-11e2-905d-9cb70dfba991}\Shell - "" = AutoRun
O33 - MountPoints2\{c4f01af2-bef1-11e2-905d-9cb70dfba991}\Shell\AutoRun\command - "" = E:\.\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/11/26 06:49:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/25 22:26:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/16 12:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/16 00:36:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/16 00:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/14 23:18:59 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/14 23:18:56 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/14 23:18:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/14 23:18:54 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/14 23:18:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/14 23:18:51 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/14 23:18:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/14 23:18:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/14 23:18:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/14 23:18:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/14 20:10:11 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/11/14 11:56:10 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/14 11:56:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/14 06:55:34 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/14 06:55:32 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/14 04:20:27 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/14 04:20:25 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/12 17:54:26 | 000,000,000 | ---D | C] -- C:\Users\Roligio\AppData\Roaming\AVAST Software
[2013/11/12 17:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/11/12 17:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/26 11:24:54 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/26 11:18:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/26 07:24:19 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/26 06:50:06 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 06:50:06 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 06:43:24 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/11/26 06:42:18 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRoligio.job
[2013/11/26 06:42:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/26 06:42:06 | 1601,409,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 08:52:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/11/21 08:52:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/16 00:35:09 | 000,001,074 | ---- | M] () -- C:\Users\Roligio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/16 00:34:51 | 000,000,875 | ---- | M] () -- C:\Users\Roligio\Desktop\ERUNT.lnk
[2013/11/14 20:10:20 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/13 20:57:47 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/11/12 17:42:28 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/12 17:42:02 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/12 17:42:02 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/12 17:42:02 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/12 17:42:02 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/12 17:42:02 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/12 17:42:02 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/12 17:42:02 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/12 17:42:01 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/12 17:42:01 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/12 17:42:01 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/12 17:08:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/11/12 17:06:56 | 000,001,549 | ---- | M] () -- C:\Users\Roligio\Desktop\DivX Movies.lnk
[2013/11/12 17:06:33 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2013/11/12 17:05:41 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2013/11/11 01:56:25 | 000,003,725 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/11/11 01:55:28 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/11/08 11:53:14 | 000,013,654 | ---- | M] () -- C:\Users\Roligio\Documents\Processing Types.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/16 00:35:09 | 000,001,074 | ---- | C] () -- C:\Users\Roligio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/16 00:34:51 | 000,000,875 | ---- | C] () -- C:\Users\Roligio\Desktop\ERUNT.lnk
[2013/11/14 20:10:20 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/11/14 20:10:20 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/13 20:57:45 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/11/12 17:06:33 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2013/11/08 11:53:13 | 000,013,654 | ---- | C] () -- C:\Users\Roligio\Documents\Processing Types.rtf
[2013/09/26 21:31:04 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2013/06/01 20:10:33 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/06/01 20:10:32 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/06/01 20:10:32 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/06/01 20:10:19 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/05/24 11:08:19 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/05/20 15:58:19 | 000,006,656 | ---- | C] () -- C:\Users\Roligio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/16 12:11:11 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/05/09 15:33:00 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ClsCoInstaller.dll
[2013/05/09 15:32:55 | 000,198,144 | ---- | C] () -- C:\Windows\DrvUtils.exe
[2013/05/08 18:29:11 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/08 18:29:11 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/10/12 14:51:36 | 000,000,159 | ---- | C] () -- C:\Windows\System32\eSy_Link.ini
[2012/03/01 16:41:16 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/30 17:03:28 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/12/30 16:50:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
========== ZeroAccess Check ==========
[2009/07/14 11:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 08:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 08:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/05/21 17:16:29 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Auslogics
[2013/11/12 17:54:26 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\AVAST Software
[2013/08/13 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\calibre
[2013/05/16 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\DAEMON Tools Lite
[2013/09/19 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\IDT
[2013/06/18 13:22:40 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\OpenOffice.org
[2013/10/09 20:14:50 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Oracle
[2013/06/15 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\runic games
[2013/06/13 11:55:20 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Skip-Bo
[2012/10/05 15:40:38 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\SoftGrid Client
[2012/10/05 15:14:31 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Synaptics
[2012/10/05 15:21:02 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\TP
[2013/06/18 13:25:36 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\WildTangent
[2013/06/12 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\Windows Live Writer
[2013/05/08 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\Roligio\AppData\Roaming\WinPatrol
========== Purity Check ==========
< End of report >
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE - HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
ReveurGAM
2013-11-26, 17:19
All processes killed
========== OTL ==========
HKU\S-1-5-21-388703472-1196209991-2700474470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Roligio\Downloads\cmd.bat deleted successfully.
C:\Users\Roligio\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: Roligio
->Java cache emptied: 358406 bytes
Total Java Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Roligio
->Temp folder emptied: 7965858 bytes
->Temporary Internet Files folder emptied: 36159011 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 106706209 bytes
->Google Chrome cache emptied: 273608427 bytes
->Flash cache emptied: 1556 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10715514 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8895552 bytes
RecycleBin emptied: 516564094 bytes
Total Files Cleaned = 916,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11262013_212756
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Good, you have Malwarebytes installed, open it, go to the update tab and update it, then just run the Quick scan, if it picks up entries then post the log, if it comes back with no threats found then let me know.
How is your system behaving now?
ReveurGAM
2013-11-26, 18:27
Well, when I restarted my computer (as per your OTL script), as often happens now, it hung on a black screen. I turned it off (7 sec. depression of power button) then turned it on, which pushed it into the system repair feature, after which I turned it off and on, and it hung again. I did it one more time and was able to get into Windows. I suspect this is because several months ago I was using System Restore points a lot, going back and forth.
MBAM didn't find anything. Have you actually identified any sort of infection at this point, or is it just PUPs?
BTW, thanks for your speedy responses! I'm going to bed now, so see you tomorrow morning. :)
FYI, there is a bug on this forum. I don't know if it's actually the forum, or a problem with an extension on FF, or something else, but if I am working on a reply and the software times me out (logs me off), when I select "post" (not knowing that I've been logged out), I then log in to finish posting it and I am taken to a blank screen - and, as I just discovered, my message doesn't get posted although the web address includes "post reply" in it.
Namaste, peace & love,
Glenn
Glenn,
Just turn your computer on and off normally a few times, it may straighten that out.
Pressing and holding the power button for a few seconds is not a good habit to get into, just should be used for emergencies, I know, sometimes we need to use it. If this happens quite often I can link you to a Windows forum that may be able to sort that out.
Your logs look clean, nothing to worry about.
As far as the forum, does this just happen with FF or with IE as well?
The last fix with OTL cleared out all your old restore points and created a new one. Don't know what to tell you, a friend in town had some Windows issues using Win 7, first thing I did was to use System Restore to see if it would fix it and after the restore it would not start, had to work on fixing that also.
ReveurGAM
2013-11-27, 03:38
I do not like using the power button to turn the computer off because I know it's not good for it, but when the computer goes to a black screen and doesn't change for an extended period of time, there is no other choice that I'm aware of. It happens pretty much every time I shut down/reboot, although it seems that it happens when it's trying to start Windows rather than during the shutdown process. I also sometimes have problems with the BSOD, although it hasn't happened since I upgraded FF a week or so ago. That could be coincidental but before the BSOD would be presaged by one or more instances while watching a movie where the audio would seem to catch and make an obnoxious noise, which could last a few seconds, or be resolved by CTRL-SHIFT-ESC/CTRL-ALT-DEL, but eventually I'd get the BSOD if I didn't reboot first.
If you have a recommendation of where I can ask for advice on the black screen, I'm happy to check it out. I'm thinking I'll have to reinstall Windows from the HDD image.
I have not used IE with the forum. I'm quite new here, as you can see, and I generally use FF for all my browsing. The problem has happened twice this week, under the circumstances I described.
Namaste, peace & love,
Glenn
ReveurGAM
2013-11-27, 08:14
I just had the aforementioned BSOD experience. Immediately after restarting, I opened FF and then started a video, and got the same annoying sound using Windows Media Player (I usually use MPC) but Windows didn't crash.
Good Morning,
I think at this point the problems you're having could be Windows or hardware related.
Why don't you go to this site and register, like Safer it's free, use your same user name that you're using here.
http://www.whatthetech.com/
Then post in their Windows forum, you can also link them to this thread so they can see what we have done so far.
http://forums.whatthetech.com/index.php?showforum=119
They can run you through some tests to determine if your problem is hardware or software related and offer advice
Ken :)
ReveurGAM
2013-11-28, 02:54
Thanks for your help, Ken. I will do that. I appreciate your help!
What is your opinion on the Spybot proxy?
Namaste, peace & love,
Glenn
That proxy was not normal for running IE so I am assuming that malware put it there.
Post back and let me know when you post at WTT so I can follow along and offer advice if they need it
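Added example, not part of the original posts and not OTL's own code: a small triage script that scans OTL "IE -" log lines for ProxyServer values and marks the ones pointing at the local machine, like the localhost:21320 entry discussed above. It goes slightly beyond the thread by also handling the per-protocol `scheme=host:port;...` form that WinINet accepts; the sample log, its SID and the second proxy value are constructed.

```python
import ipaddress
import re

# Shape of the OTL 'IE - <key>: "<name>" = <value>' line quoted in the thread.
OTL_IE_RE = re.compile(
    r'^IE - (?P<account>HK(?:U\\[^\\]+|CU|LM))\\.*\\Internet Settings: '
    r'"(?P<name>[^"]+)" = (?P<value>.*)$'
)

# Constructed sample; the SID and the HKLM proxy value are made up.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
IE - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=proxy.example.net:3128
'''

def split_proxy_value(value):
    """Yield (scheme, host, port) for 'host:port' or 'http=h:p;https=h:p'."""
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:                      # single proxy for every protocol
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]
        host, _, port = endpoint.rpartition(":")
        if not host:                     # no port was given
            host, port = endpoint, ""
        yield scheme.lower(), host.strip("[]"), port

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname; not resolved, so the check stays offline

def triage(log_text):
    """Return one finding per proxy endpoint found in ProxyServer values."""
    findings = []
    for line in log_text.splitlines():
        m = OTL_IE_RE.match(line.strip())
        if not m or m["name"] != "ProxyServer":
            continue
        for scheme, host, port in split_proxy_value(m["value"]):
            findings.append({"account": m["account"], "scheme": scheme,
                             "host": host, "port": port,
                             "loopback": is_loopback(host)})
    return findings
```

A loopback finding only says that browser traffic is being routed through a program on the same machine; which program owns the port still has to be checked, since local security tools install such proxies too.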
ReveurGAM
2013-11-28, 16:36
Yeah, I disabled that proxy when I found it. Thought it odd but I can be forgetful so I didn't think much of it.
Here's my WTT thread: Hanging and BSOD problems (http://forums.whatthetech.com/index.php?showtopic=127388)
Thanks again! Especially since you were getting back to me multiple times a day!
Namaste, peace & love,
Glenn
:bigthumb:
I'm linked so will get notifications when there is a reply